Tested version : Opera 7.02 Build 2668
Vendor Status : Vendor was contacted on 8-4-2003
Opera web browser has an unchecked buffer in his code that allow a malicious website to crash it and in certain circumstances , execute code with user priviliges .
To reproduce the bug open this link
http://usuarios.lycos.es/idoru/aaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.zip
Opera crashes with an access violation . Instruction pointer EIP is overwritten by the file name converted to unicode . That makes only possible to reference certain addresses in memory to execute . To place your code to execute in a valid address you have to assign it to an enviroment variable .That place your code in an address that can be referenced by EIP ( ~00010040 )
David F. Madrid Madrid , Spain